Cybersecurity News
Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions
A former medical records tech stole PII that was then used to fraudulently claim DoD and VA benefits, particularly targeting disabled veterans.
Fraudster jailed for stealing US military health records, millions in benefits
Military benefit fraud was the goal of a transnational criminal ring.MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.
3.1M Neiman Marcus Customer Card Details Breached
Experts say the detection delay of 17 months is a colossal security blunder by the retailer.
Week in security with Tony Anscombe
New ESET Threat Report is out – Cybersecurity Awareness Month begins today – What organizations should do to secure their VPNs
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Flubot Malware Targets Androids With Fake Security Updates
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients.
FCC Proposal Targets SIM Swapping, Port-Out Fraud
The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target's mobile phone number and use that to wrest control over the victim's online identity.New APT ChamelGang Targets Russian Energy, Aviation Orgs
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.
Chief exec of cybersecurity Group-IB arrested on treason charge
Group-IB maintains the CEO is innocent.Android, Java bug bunting tool Mariana Trench goes open source
Mariana Trench originated as an internal Facebook tool.October is Cybersecurity Awareness Month! Why being cyber‑smart matters
The campaign may last for a month, but we should remember that cybersecurity is a year-round affair
The post October is Cybersecurity Awareness Month! Why being cyber‑smart matters appeared first on WeLiveSecurity
Google Emergency Update Fixes Two Chrome Zero Days
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.
Military’s RFID Tracking of Guns May Endanger Troops
RFID gun tags leave the military exposed to tracking, sniffing and spoofing attacks, experts say.
Tips & Tricks for Unmasking Ghoulish API Behavior
Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity.
Hackers could force locked iPhones to make contactless payments
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds
The post Hackers could force locked iPhones to make contactless payments appeared first on WeLiveSecurity
Just Published: P2PE v3.1
Today, the PCI SSC published a minor revision to the PCI Point-to-Point Encryption (P2PE) ® Standard. We talk with Mike Thompson, Senior Manager of Emerging Standards and the Chair of the PCI Council’s P2PE Working Group, about some of these changes.
Proxy Phantom: Fraud rings flood online merchants with credential stuffing attacks
Over 1.5 million stolen credential sets are being used by one fraud operation.The Top Ransomware Threats Aren’t Who You Think
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally.
Fears surrounding Pegasus spyware prompt new Trojan campaign
Criminals hope that the lure of a promise to protect you from spyware will make you click that link.Thousands of University Wi-Fi Networks Expose Log-In Credentials
Certificate misconfigurations of the EAP protocol in Eduroam (and likely other networks globally) threaten Android and Windows users.